
Today's technically superior and incredibly well-funded hackers aren't impeded by
breach prevention and traditional security solutions used in financial services organizations,
but by using advanced and field-proven deception-based technology, financial firms
can go on the offensive—taking the fight to the hackers until they are shut down,
the author writes.

By Yoel Knoll

Yoel Knoll is the vice president of marketing at TopSpin Security Inc.

Today's technically superior and incredibly well-funded hackers are not impeded by
breach prevention and traditional security solutions used in financial services organizations.
Security professionals have accepted that no matter how hard their teams try, it is
nearly impossible to keep hackers out of a financial firm's network.

Industry research supports these presumptions. Financial services is an attractive
and lucrative target for attackers. According to research by the Ponemon Institute,
last year within financial services, 83 percent of organizations experienced more than
50 attacks per month.

Although sophisticated perimeter-based solutions are still the mainstay of financial
organizations' security efforts, firms are turning attention and resources away from
trying to keep hackers out and toward simply ensuring that all data is safe from
intruders. Doing so involves preparing proactive security plans for the inevitable
presence of hackers in the network. And in today's complex security climate, more
financial organizations are choosing deception solutions as an approach to meet
these challenges.

1. Build Offensive Security Postures

To keep financial and client data safe, an intruder must not be able to gain access
to any real private information. That sounds obvious, but what is not so clear is
how to accomplish this goal. Financial firms should choose a deception solution that
enables them to go on the offensive. This means actively hunting attackers, leading
them into decoys, and preventing them from reaching actual company data.

Advanced deception systems also provide useful data about the attackers, proactively
developing intelligence to find their command and control systems and to understand
how the connection is established and what protocols are being used. The threat
intelligence and visibility generated by drawing the attacker in, rather than simply
attempting to repulse the attack, enable teams to understand the goals of the attacker—preventing
not only the current single attack, but also future attacks.

2. Correctly Place Traps

To keep data safe, traps need to be placed correctly in the financial network. Deception
solutions with smart monitoring and analysis of the network traffic allow organizations
to profile their assets and create an accurate model of their network. Then, they
can overlay the network with a deception layer that fits their unique characteristics.
There must be enough traps deployed for a hacker to trigger, and enough relevant decoys
that look appealing and realistic. For example:

an asset that appears to be an organization's server, but is really an emulated service
made to lure and trap the attacker;

a network device that appears to be a camera or a printer, but is really a decoy;

an asset that appears to be running tools known to be prone to security issues, but
instead confuses an attacker;

a password hidden in an e-mail that, when used, attracts the attention of defenders;

cookies directing the attacker to a URL which is in fact an internal web site.

In addition, deception technology must be able to actively adjust itself to changing
financial network environments, moving decoys and setting traps automatically as networks
evolve. This can be achieved only by constantly monitoring network traffic to adjust
to changing networks and protect new assets that are introduced.
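
As an added illustration (not code from the article or from any vendor's product), the sketch below shows why the traps listed above yield high-confidence alerts: no legitimate user has a reason to touch a decoy host or use a planted credential, so any hit is worth triage. The decoy addresses, the honey account name and the log format are constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed decoy inventory (hypothetical addresses and account name).
DECOY_HOSTS = {"10.20.0.45": "emulated file server", "10.20.0.77": "fake network printer"}
HONEY_ACCOUNTS = {"svc_backup_adm": "password planted in a mailbox"}

# Constructed log format: "<time> <auth|conn> src=<ip> dst=<ip> [user=<name>] [result=<ok|fail>]"
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<kind>auth|conn) src=(?P<src>\S+) dst=(?P<dst>\S+)"
    r"(?: user=(?P<user>\S+))?(?: result=(?P<result>\S+))?$"
)

SAMPLE_LOG = """\
2024-01-10T09:00:01Z auth src=10.1.4.12 dst=10.1.0.5 user=jsmith result=ok
2024-01-10T09:03:44Z conn src=10.1.4.30 dst=10.20.0.77
2024-01-10T09:04:10Z auth src=10.1.4.30 dst=10.1.0.5 user=svc_backup_adm result=fail
2024-01-10T09:05:02Z auth src=10.1.4.30 dst=10.20.0.45 user=svc_backup_adm result=ok
not a log line
2024-01-10T09:06:00Z conn src=10.1.4.12 dst=10.1.0.9
"""

def find_trap_hits(log_text):
    """Return {source_ip: [(timestamp, reason), ...]} for every decoy touch."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip malformed lines rather than crash the monitor
        ts, src, dst, user = m["ts"], m["src"], m["dst"], m["user"]
        if dst in DECOY_HOSTS:
            hits[src].append((ts, f"touched decoy {dst} ({DECOY_HOSTS[dst]})"))
        if user in HONEY_ACCOUNTS:
            # Failed attempts count too: nobody legitimate knows this name.
            hits[src].append((ts, f"used honey account {user} ({HONEY_ACCOUNTS[user]})"))
    return dict(hits)

def triage(hits):
    """Rank sources by number of trap hits (most first): (source, first_seen, count)."""
    ranked = sorted(hits.items(), key=lambda kv: (-len(kv[1]), kv[0]))
    return [(src, events[0][0], len(events)) for src, events in ranked]

if __name__ == "__main__":
    for src, first_seen, count in triage(find_trap_hits(SAMPLE_LOG)):
        print(f"{src}: {count} trap hits, first at {first_seen} -> candidate for isolation")
```

The honey account check fires even when the login targets a real server, which is how a planted password reveals an intruder who never touches a decoy host.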

3. Weave Your Web of Deception

With correctly and strategically placed traps and decoys, hackers find themselves
looking for financial information in decoys, literally stuck in a false network of
fake information. Unknowingly caught in a web of deception, the hacker never fully
accesses the real network.

The longer hackers need to look for information, the more time the organization has
to stop them and ensure the security of their data. Moreover, in keeping with the
concept of an offensive security posture, the longer a hacker engages with a decoy
system, the more information can be gathered about the attack, its targets and even
its origin. Then, according to the financial firm's incident response and remediation
program, teams can take actions such as isolating the infected asset, blocking internet
protocol addresses utilized by the attackers and deleting or disabling the process
used to launch the attack.

The Bottom Line

Accepting the futility of prevention-based and traditional defense in financial services
is the first step to data security. And once financial organizations agree that hackers
will get in, the question is: Do we act or react? By using advanced and field-proven
deception-based technology, financial firms can go on the offensive—taking the fight
to the hackers until they are shut down.
